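<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-9">
<!-- Title kept in line with the page's "Change User Password" heading. -->
<title>Change User Password</title>
<script src="../../commonutils/util/util.js"></script>
<style>
th {text-align: right}
</style>
</head>
<body>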
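<?php include 'top.html' ?>
<?php
// Access-control includes. They are loaded with require rather than include so
// that a missing or unreadable check file stops the request instead of raising
// a warning and letting the rest of this page (including the password update
// handler further down) run without the check.
// NOTE(review): presumably these enforce "logged in" and "root only" -- confirm
// that each one terminates the request (exit/die) when the check fails.
// NOTE(review): they run after the document head and top.html have already been
// output, so any header()-based redirect inside them depends on output
// buffering being enabled -- confirm, or move the checks above the first output.
require '../../authorization_check.php';
require '../../checkRootOnly.php';
?>


<?php
	// NOTE(review): this call comes after page output has started. Unless output
	// buffering is on, the session cookie header can no longer be sent from here.
	// Nothing on this page reads $_SESSION directly; if the includes above already
	// start the session this call is redundant -- confirm and move or remove it.
	session_start();
?>
<center><h1>Change User Password</h1></center>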

<?php
require_once '../../commonutils/db/DBConnectionManager.php';

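// Step 1: list every account name in a drop-down so the operator can pick the
// account whose password is to be changed.
// Only the userName column is requested: this step needs nothing else, and
// "select *" would also pull the password column into the page's memory.
$ss = "select userName from user";
$rr = DBConnectionManager::query($ss);
if(mysql_num_rows($rr) != 0)
{
	echo "<div>";
	echo "<center>";
	echo "<p>Select&nbsp;the&nbsp;user&nbsp;</p>";
	echo "<form method=\"POST\" action=\"ChangePassword.php\">";
	echo "<select name=\"selectUser\">";
	while($rrr = mysql_fetch_assoc($rr))
	{
		// User names come from the database and must be HTML-encoded before they
		// are written into an attribute value and into element text; otherwise a
		// stored name containing markup would be interpreted by the browser.
		// 'ISO-8859-1' is passed explicitly: the page is served as ISO-8859-9,
		// and for htmlspecialchars() the characters it rewrites sit at the same
		// positions in both single-byte charsets.
		$safeName = htmlspecialchars($rrr['userName'], ENT_QUOTES, 'ISO-8859-1');
		echo "<option value=\"".$safeName."\">".$safeName."</option>";
	}
	echo "</select>";
	echo "<input type=\"submit\" value=\"Select\" name=\"btnUpdate\">&nbsp;&nbsp;";
	echo "</form>";
	echo "</center>";
	echo "</div>";
	
}
else
{
	echo "<center><h4>No user found in database!!!</h4></center>";
}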

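// Step 2: a user was picked from the drop-down. Look the account up and render
// the change-password form for it.
if (isset($_POST['btnUpdate']))
{
	// Accept only a plain string. A missing field or an array-valued field
	// (selectUser[]=...) is treated the same as an unknown user.
	$srcUsername = null;
	if (isset($_POST['selectUser']) && is_string($_POST['selectUser']))
	{
		$srcUsername = $_POST['selectUser'];
	}

	$rs = false;
	if ($srcUsername !== null)
	{
		// The posted value is attacker-controllable, so it is escaped before it
		// is placed inside the quoted SQL literal.
		// NOTE(review): mysql_real_escape_string() uses the most recently opened
		// mysql link; this assumes DBConnectionManager leaves its link open --
		// confirm. If the class offers bound parameters, prefer those.
		$escapedUsername = mysql_real_escape_string($srcUsername);
		if ($escapedUsername !== false)
		{
			// Only userName is needed to build the form; the other columns
			// (including password) are no longer fetched.
			$s = "select userName from user where userName='".$escapedUsername."'";
			$rs = DBConnectionManager::query($s);
		}
	}

	if ($rs && mysql_num_rows($rs) == 1)
	{
		$rws = mysql_fetch_assoc($rs);
		// HTML-encode the stored name before writing it into the hidden field's
		// value attribute and into the visible cell text. The browser decodes the
		// entities again on submit, so the posted txtUsername is unchanged.
		$username = htmlspecialchars($rws['userName'], ENT_QUOTES, 'ISO-8859-1');
		
		echo "<center>";
		echo "<form method=\"POST\" action=\"ChangePassword.php\">";
		echo "<table border=\"1\" width=\"56%\" id=\"table1\">";
		echo "<tr>";
		echo "<td colspan=\"2\" height=\"20\"><center>";
		echo "<h4>Fill in the following fields and click save button</h4>";
		echo "</center></td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"112\">User Name</td>";
		echo "<td width=\"162\"><input name=\"txtUsername\" type=\"hidden\" value=\"".$username."\">".$username."</td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"112\">Old Password</td>";
		echo "<td width=\"162\"><input type=\"password\" name=\"txtPasswordOld\" size=\"40\"></td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"112\">New Password</td>";
		echo "<td width=\"162\"><input type=\"password\" name=\"txtPasswordNew1\" size=\"40\"></td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td width=\"112\">Retype New Password</td>";
		echo "<td width=\"162\"><input type=\"password\" name=\"txtPasswordNew2\" size=\"40\"></td>";
		echo "</tr>";
		echo "</table>";
		echo "<input type=\"submit\" value=\"Change Password\" name=\"btnSubmit\">&nbsp;&nbsp;";
		echo "<input type=\"reset\" value=\"Clear\" name=\"btnReset\">&nbsp;";
		echo "<input type=\"reset\" value=\"Cancel\" name=\"btnCancel\">&nbsp;";
		echo "</form>";
		echo "</center>";
	}
	else
	{
		echo "<center><h4>Sorry no such user</h4></center>";
	}
	
}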
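// Step 3: the change-password form was submitted. Verify the old password and,
// if the two new-password fields agree, store the new one.
//
// NOTE(review): the queries below compare and store the password column as
// plain text. Moving to password_hash()/password_verify() also needs the login
// code and the stored rows to change, so it is not done in this block.
// NOTE(review): the request carries no anti-CSRF token; the old-password check
// is the only thing tying the change to the person at the keyboard.
if (isset($_POST['btnSubmit']))
{
	// Collect the four fields, accepting plain strings only. A missing or
	// array-valued field marks the whole submission as invalid.
	$submitted = array();
	$inputOk = true;
	foreach (array('txtUsername', 'txtPasswordOld', 'txtPasswordNew1', 'txtPasswordNew2') as $field)
	{
		if (isset($_POST[$field]) && is_string($_POST[$field]))
		{
			$submitted[$field] = $_POST[$field];
		}
		else
		{
			$inputOk = false;
		}
	}

	$r = false;
	if ($inputOk)
	{
		// Every value that ends up inside a quoted SQL literal is escaped first.
		// NOTE(review): mysql_real_escape_string() uses the most recently opened
		// mysql link; this assumes DBConnectionManager leaves its link open --
		// confirm. If the class offers bound parameters, prefer those.
		$uname = mysql_real_escape_string($submitted['txtUsername']);
		$passwordOld = mysql_real_escape_string($submitted['txtPasswordOld']);
		$passwordNew1 = mysql_real_escape_string($submitted['txtPasswordNew1']);

		// Fail closed: if escaping was not possible, no query is built at all.
		if ($uname !== false && $passwordOld !== false && $passwordNew1 !== false)
		{
			$sql = "select userName from user where userName='".$uname."' and password='".$passwordOld."'";
			$r = DBConnectionManager::query($sql);
		}
	}

	if($r && mysql_num_rows($r) == 1)
	{
		// Strict comparison: with "==" PHP compares numeric-looking strings as
		// numbers, so e.g. "1e3" and "1000" would count as a matching retype.
		if ($submitted['txtPasswordNew1'] !== $submitted['txtPasswordNew2'])
		{
			echo "<center><h4>Retyped password does not match</h4></center>";
		}
		elseif ($submitted['txtPasswordNew1'] === '')
		{
			// Two empty fields match each other; refuse to store an empty password.
			echo "<center><h4>New password must not be empty</h4></center>";
		}
		else
		{
			$sqlquery = "update user set password='".$passwordNew1."' where userName='".$uname."' and password='".$passwordOld."'";
			$result = DBConnectionManager::query($sqlquery);
			// Report success only when the update was not rejected.
			// NOTE(review): assumes query() hands back mysql_query()'s return
			// value, i.e. FALSE when the statement fails -- confirm.
			if ($result === false)
			{
				echo "<center><h4>Password could not be changed</h4></center>";
			}
			else
			{
				echo "<center><h4>Password successfully changed</h4></center>";
			}
		}
	}
	else
	{
		echo "<center><h4>Sorry, user name and password are not valid</h4></center>";
	}
}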

?>
  



<br>
<hr color="blue">
<p>
  <a href="../../SecurityIndex.php">Back</a>
</p>


</body>
</html>